Post navigation

GAL Segmentation announced for Exchange 2010 SP2

An interesting post today on the Microsoft Exchange Team blog. Some, mainly large, organizations require the possibility of having creating different GAL (Global Address List) views or subsets. This way, users will be able to view a customized GAL with relevant addresses instead of the organization-wide GAL.

The Exchange team speaks of a “Global Address Segmentation feature”, offering segmentation through the Exchange management interfaces, providing organizations a way to create views of the global address book. The mechanism for these views are called “Address Book Policies”, which are going to use an assignment model instead of the ACL-based GAL segmentation. Note that the team states that Address Book Policies won’t replace the tenant isolation feature found in Exchange 2010’s hosting mode. Address Book Policies are to be used to segment and grant access to GAL segments, with hosting mode tenants are isolated.

I wonder if it will be possible to assign multiple Address Book Policies to a user to create cumulative views. For example, the manager of two departments can view the assigned GALs of these departments as being his GAL. If not, you may be required to create a separate address book policy for each level of access which might pose an administrative challenge.

Another thing: I expect it may require some form of change or requirement on clients as well since address lists are contained in the LDAP://CN=All Global Address Lists,CN=Address Lists Container,CN=<Exchange Organisation>,CN=Microsoft Exchange,CN=Services,.. container. The Default Global Address List element in that container is often accessed through a hard-coded lookup on its name and since it resides in Active Directory I don’t see how Exchange 2010 SP2 will manage that.

But of course this is all speculation; how Address Book Policies will be implemented and what the consequences are for migrations from an ACL-based Exchange environment remains to be seen.

Note that because of this announcement, Andy Grogan has ceased development on an Exchange 2010 version of the Address List Segregation Tool. Also, Microsoft will not release an Exchange 2010 version of the Virtual Organizations and Address List Segregation document.

Like this:

About Michel de Rooij

I'm a Microsoft Office Apps and Services MVP, with focus on Exchange Server, Office 365 and with a PowerShell affection. I'm is a consultant, publisher of EighTwOne, published author, and speaker. You can find me on Twitter, LinkedIn, Facebook.

Copyright

Unauthorized use or duplication of this material without permission from EighTwOne is strictly prohibited. Excerpts and links may be used, provided full and clear credit is given to EighTwOne with appropriate direction to original content.

Disclaimer

EighTwOne takes steps to make sure content of this site is correct. However, usage is at your own risk. EighTwOne does not accept responsibility or liability for errors or omissions in the content. Content is “as is”, without guarantees on completeness or accuracy of results obtained from using this information. Opinions expressed are my own.

About Michel de Rooij

Michel is an Office Apps & Services MVP with a PowerShell affection, and publisher of EighTwOne. You can find him on Twitter, LinkedIn, Facebook. Please use the Contact form for questions, or inquiries on consulting, support or other engagements.